Analysis Overview
SHA256
d945a6b91e6e4bfd78434e0b0e7be4c71e5200c434d430b692f5af64c7510801
Threat Level: No (potentially) malicious behavior was detected
Verdict for a1be42b76a02e1d98d83c5988cbf05df_JaffaCakes118: no (potentially) malicious behavior was detected in either detonation.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 18:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 18:28
Reported
2024-06-12 18:31
Platform
win7-20240611-en
Max time kernel
140s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A4FAFD51-28E9-11EF-9684-CE8752B95906} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000046da942beeb9cd85e3b64f4c1390727fe8acd2686659433a74fdd86afea6b4f000000000e8000000002000020000000a969cb55a9761af5536912b304c55160d8274a290f19cbd4e8ed13eb5509841420000000ec52285508ebb557e6152d8312befe47441ceda00bb1b77460fb562eed82eef540000000cd2de3ce17d82d7c186d528920a0ff473e67cd7a28032ef4af1ec7bcb439f4161a2b258769d5a4a885f08b79ea6784739a6354ccd8fe813370540218782c21dc | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 601cb093f6bcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424378812" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2240 wrote to memory of 2360 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2240 wrote to memory of 2360 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2240 wrote to memory of 2360 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2240 wrote to memory of 2360 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1be42b76a02e1d98d83c5988cbf05df_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2240 CREDAT:275457 /prefetch:2
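The "Suspicious use of WriteProcessMemory" rows above name the 64-bit iexplore.exe (PID 2240) as the writer and the 32-bit IEXPLORE.EXE as the target, and that target's command line carries SCODEF:2240. Internet Explorer's frame process launches its tab processes with exactly this SCODEF:<frame PID> CREDAT:<n> form and writes into them during start-up, so the check a reviewer wants is whether the writer PID matches the target's SCODEF value. The script below, an added example rather than part of the report, performs that correlation on the rows copied from this page; the PID 2360 of the target cannot be confirmed from the page because the process list carries no PIDs, and the `IE_DIRS` and `HITS` names are the example's own.

```python
"""Correlate a sandbox WriteProcessMemory hit with IE's frame/tab launch model.

Added example. A hit is explained by IE itself when both images live in the
Internet Explorer program directories and the writer PID equals the SCODEF
value on the target's command line; anything else stays 'unexplained'.
"""
import re

# Command lines as listed in the behavioral1 Processes section, keyed by image.
CMDLINES = {
    r"C:\Program Files\Internet Explorer\iexplore.exe":
        r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1be42b76a02e1d98d83c5988cbf05df_JaffaCakes118.html',
    r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE":
        r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2240 CREDAT:275457 /prefetch:2',
}

# The four identical signature rows, de-duplicated:
# (writer PID, target PID, writer image, target image).
HITS = [(2240, 2360,
         r"C:\Program Files\Internet Explorer\iexplore.exe",
         r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE")]

# Assumption: only these two directories hold legitimate IE images.
IE_DIRS = {d.lower() for d in (r"C:\Program Files\Internet Explorer",
                               r"C:\Program Files (x86)\Internet Explorer")}

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def scodef_pid(cmdline):
    """PID of the frame process named on an IE tab command line, or None."""
    m = SCODEF_RE.search(cmdline)
    return int(m.group(1)) if m else None


def image_dir(path):
    """Directory part of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[0].lower()


def classify(hit, cmdlines):
    """'ie-frame-to-tab' when the write matches IE's own launch pattern."""
    writer_pid, _target_pid, writer, target = hit
    if image_dir(writer) not in IE_DIRS or image_dir(target) not in IE_DIRS:
        return "unexplained"      # a non-IE image is involved
    if scodef_pid(cmdlines.get(target, "")) == writer_pid:
        return "ie-frame-to-tab"  # frame PID on the tab's command line
    return "unexplained"


def summarize(hits, cmdlines):
    """Set of verdicts over all hits; {'ie-frame-to-tab'} means nothing is left to chase."""
    return {classify(h, cmdlines) for h in hits}


if __name__ == "__main__":
    for h in HITS:
        print(f"PID {h[0]} -> PID {h[1]}: {classify(h, CMDLINES)}")
```

A hit that fails this correlation (different writer PID, or a writer outside the IE directories) is the case that would justify the signature's "suspicious" label and deserve a look at the target's memory.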
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.178.10:443 | ajax.googleapis.com | tcp |
| GB | 142.250.178.10:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | manascisaac.com | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| CA | 192.149.104.172:80 | manascisaac.com | tcp |
| CA | 192.149.104.172:80 | manascisaac.com | tcp |
| CA | 192.149.104.172:80 | manascisaac.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db4f8d99ec5246071575945af0b5c39c |
| SHA1 | 1548759f510d732d793cfd68cb1adf7fd660b9b2 |
| SHA256 | 8b06ec231d34cb7819de0b4180c78dd7273ff65fa1c4a68e358d96f037f98724 |
| SHA512 | aeb1851ffebdaa9e1eeacd47a9fa07947bdc42dd2ecf82b9302bdbd07b35e93b5451fe506731f3b1288ba1ff3adfea43b8a2b4419277080a100a1a230c8cc2d2 |
C:\Users\Admin\AppData\Local\Temp\Tar4E90.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\Cab4E8E.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b07432c4a9db5529d531c897a250add |
| SHA1 | ba3eb05a4791136e98c703f2b91e00c567691b07 |
| SHA256 | 5334b0d24d3e47d48aa1c3b3b58be2b6c1cb3cd4a5d99c5c190545bb2b3ed40c |
| SHA512 | 7e99bdbc58a94bc6f756f3dc222cae61f6aabd8d529d8541c6c41f89ece74563254e6addae130ce3de18a594aa640cc9c5db23dc6317605c4e6a91e56dd62447 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80d01a3d0aab95c2444ea2939f72ba36 |
| SHA1 | 259487a8f10904a710e1d78c282c879d8913ffba |
| SHA256 | 2916bba2a63b905c048a280ec7b0ea2081b554cff584cc26ff2484c02337e58c |
| SHA512 | 37cb1d2f2dd479633fd89695ae2fd8f05bdf2efcb42caf71f0ab5c0ded4af871ff4a800cbaedf19e5e8a70529919f6201a72ea224a096163b7f7303a7312ca09 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64c0901d56203a45f2c320b7bf856352 |
| SHA1 | 956dda3f13a1733976acb269f779b5fbda2055cc |
| SHA256 | ddb0024ec636c8afc50673855328461cf5ddc2b874138589851aceb2702e561f |
| SHA512 | 3b0d14b33abdecc8b69f148000a9d4f8a509b8de82005ad5f021582d71e65211416a99daa66d5cd060aedbdec72e0a732b5769d10d129e49eac67d9440536bb0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | efcb16eca5bee66db4509d2fe95f0bb4 |
| SHA1 | 889fe4dd58e73d9e6c44574be9e07ccd363cf1d8 |
| SHA256 | 4722f155dc8b0c2f68bc500cb5e6e9920eb51122ddd65e0b5699a3127516d593 |
| SHA512 | 04790cdfb9ca8dc8b2a0e52d5bfe9fb32118b35ca2bc8aba598efe5201423164c4cdaf943aa195744be6238bbe8cb19d98f45fe365081eb9dcde331961058ca9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1cda8ca3c61c6b9f6d2e77b814594d47 |
| SHA1 | d09b3cf67f653a27e30f08fb1d8aa9d23fbc9fb6 |
| SHA256 | 7af0c6bfc95a489b4f5bd2ea2be2a499ca87a873d1116c87057e67177ee33ee2 |
| SHA512 | 010c942bf71ca765722d2b96ac78df86ef54257e7ea5bd2997d84e4ac0fc972529dc348aa7ebe3d38aad5369f5acd72fb4fb2cd53c1bc685f748a22bffef8798 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be60ad1ef59d995d93892159a577d1a5 |
| SHA1 | 648c36a47cbe84143ee0aa77e84d3d6e8c59497c |
| SHA256 | 1a154ef611d61eb3f2f582269a65bd7ab761a5f1beb5ca4082a9ffec2fa81e90 |
| SHA512 | fd2f1cadfe28263fc6b895de7372086a55bf6cf64813c03a0dd352cb54934a4ca831fa68e7b2e1d9471137e411ff00faacbb6e7d97cce202b100958d2f2e7af7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a11fa038bdfaf31f12d6b86315ab3154 |
| SHA1 | 393fc2f510acaae23b9a9909d0d83332d770a452 |
| SHA256 | 83c7690f35512e0b80b2dab8948ef9dba7816aa0ff73f73fa4bd59b2b75d7ce7 |
| SHA512 | 95cd29dbff1007526b772744359732e9511fab115475e2c43f0bb8fe9d9c77a5ac127e807412812ceb707bac6065e0c3dccdd1fcda4e9dcc2f47e6ee23c23482 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9405e73f236d42dda6eb79a4ab643232 |
| SHA1 | af14935646d47af40b3b1f8fdd11545c692cf669 |
| SHA256 | 13b840a89d80e0c81a4caa1cfb24b5ab45180acbd5bd42fec449c2cc7b7aea36 |
| SHA512 | 50176192f0feb1a77d3e0985c96fe90cb4bdc7e22e37a3358f818a43d75c209a60fe8b484febc434f5182a6b436cda1e12850a07824fd5f7015ffaa4d70c24cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7db6bc3f8f4d66e8a81f522616f18b6f |
| SHA1 | 33df09f24a8348b2ab70eda830ead48c85a6e02c |
| SHA256 | 3da5dc2891ba9314028ef5f3acd0d24521e90a6ce4d4664b7f2b00c1bbee2a61 |
| SHA512 | 7d2bcc705375e3180d7140db9a0cfce34a5e655b4d811edd19d27aaa02a48e2bb804a29ce62dbf3ee06a2ee8626abd0b66f1a1b8d9e4185811aac5f3521d86cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc9853ed5c3e5b469697721540fdd18f |
| SHA1 | 35b4fcc3dbf33cf57876b666389c842eccaa4352 |
| SHA256 | e346b6e15dae14378a723a6be6b164bfd24497d9a6f40d66cbe8e3c69c46ca29 |
| SHA512 | b7b43d9dda4c1af5588e05ee3be12e138172f6080890a86003f03db0c6ca7b17c6fd7b96970c596e1726f261ecbc72931a59525c617eae6f213fd8546ce0ca01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6dce37b44245bcea86e4afa1c65781de |
| SHA1 | e40f79b048c05659cabfdac7519e44af0e23374b |
| SHA256 | 8fff03c74491f05344a074d05630abe6c76c1fb4f48fba094488de4530f9128b |
| SHA512 | c43769afba5e74a25e72c0b88a9ed58b6ce01063ec9b24f55f11694989ad732b06729a9b4b738685234674705b1c1735b4ffb3655337dd7bbf58ebc07986f627 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9acfdad430413086aac00fa3e9f21faa |
| SHA1 | 6184ae69f6f93be1bb3b6ad4000ccd12c849af72 |
| SHA256 | ac04918e18762bc6e05eaf53cf145093d2e8fc95e9b8135900c49452330ff1c4 |
| SHA512 | 0c65b3b097162fd296af47fbe6e99a819199473d36e8c5751c5c004346b214c0a9af26c4e6d15d513a95156597d6a7639797a99d8668cce3b5fa170df2dd4587 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 170124ced2b3b3b6449114c501644942 |
| SHA1 | 2a69a69185f91a70c5485acf76d4c0a007f4137d |
| SHA256 | 0b7ffe2ba7d7aa98650cd2470358ecfd25940d1d87e4689a20a7f5dd6c0d136b |
| SHA512 | dec95eeb5b7eafc466473a246967e7231020db5faa039bf2f7b29423bc2c5c68eb2266608d121b4413cc90298f6082c937b656fe82d9372f3db3321ee245073a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1cd1bc10653ea183684c2b5de42df59d |
| SHA1 | 558242673dffc190b14f9accc69c34501311b946 |
| SHA256 | 3b9bb7286ec710242dea2487e6ee7229c476ea6018dbd9cc78235c26d626bfde |
| SHA512 | 1a38f00b1118aa26074651af4c7b9ce3611e0fa726ce357c5e89288b201e8860be91bdf77f332e876d211ad0ec74a4a0a30b7a5c1d10a28e872ba76bbf812f32 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 967a26d08a65889ccc98ec2f31f84219 |
| SHA1 | a446861f4f3ba826debf61bfb73dbe8989089ab2 |
| SHA256 | c83a3e0231906cc2e6593a0923dd330e925c1c3a3a4eba019620461afec9c045 |
| SHA512 | 8f13b0c58bc3b07cf652e0919220b8e36c82e3c248d737e6a1750e05c475cff7a35ba3098d7be648c35daec956576c8b1e46f5e6a2163b1de6a41a61d9e668ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 202ea4ed5d01b7d4c20e35e61e9dd21d |
| SHA1 | be14c612a2a50b049140435cf03e165cce2a29de |
| SHA256 | 1353be0ec6423b9c86e11d7dac45ff5b0df370ef552edd5bb98a62c0954bfb39 |
| SHA512 | b94e466f34913bd2e23a13d375b2a7d2e09dfe2e39d12782d2635711c73af7f67521ed4abab30cb4e2e1018803646e4aa0c004307742e6aad1b5c87f46477cf2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af3b9798135d2c47a7d20ef6fb6dbe88 |
| SHA1 | 46ce49a7d16198ec92f51f7f15f17f787a10ee3c |
| SHA256 | 543266b0884b969fcf91ace5ce65432be8685d9846256d6b8d74a32097926bc9 |
| SHA512 | 35c6fc6caf2d08ba2d48a602fc31e87f12a9dfe86f8131f67e9085e9dc7291f2780569d121b5809f75c066e997fb8237ce1c474926b8e98d9af611f498c96039 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ca761dba6e9a1c7f3d03ab3e5381f93 |
| SHA1 | 4cdc9188a5fd125d239c0232618f8b0fdfe81512 |
| SHA256 | a7c0a0943f857e0cea8aabb813d608ec1282a8da1f000954750c0f4a82db9cc2 |
| SHA512 | 444e2e22828254976ac061bd80c20f74c702b4c721d4fe9a02c7662b3dc51132a316aeb4b278d566e48215ea4165745acd21968160fdf3bf37ac7863578d0c76 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c49176d023f57da4bf06da712d86120f |
| SHA1 | cfeb20e362f8e652d196175ee2276edeb77d475c |
| SHA256 | d356aa2b2148c2683bcf4365c6394fc625f621de97dcde489dd4be1e8d20ef24 |
| SHA512 | 6fd1189963ace6e28fe51387d4f909cca1c15394d85405013fa0d7f8aedf9823d5f97cd0632b8844f80c02dc4df6674dc1f6215dd02b72f892b621e587634bb2 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 18:28
Reported
2024-06-12 18:31
Platform
win10v2004-20240611-en
Max time kernel
131s
Max time network
137s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1be42b76a02e1d98d83c5988cbf05df_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3992,i,3144109701624127473,12586215149656995128,262144 --variations-seed-version --mojo-platform-channel-handle=4680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4952,i,3144109701624127473,12586215149656995128,262144 --variations-seed-version --mojo-platform-channel-handle=3828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5312,i,3144109701624127473,12586215149656995128,262144 --variations-seed-version --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5480,i,3144109701624127473,12586215149656995128,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5488,i,3144109701624127473,12586215149656995128,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5940,i,3144109701624127473,12586215149656995128,262144 --variations-seed-version --mojo-platform-channel-handle=6000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=6980,i,3144109701624127473,12586215149656995128,262144 --variations-seed-version --mojo-platform-channel-handle=6988 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | cloud.typography.com | udp |
| GB | 142.250.178.10:443 | ajax.googleapis.com | tcp |
| DE | 23.201.248.34:445 | cloud.typography.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.20.12.87:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 2.21.189.233:443 | www.microsoft.com | tcp |
| US | 2.20.12.87:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 88.221.83.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | cloud.typography.com | udp |
| DE | 23.201.248.34:139 | cloud.typography.com | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| BE | 88.221.83.219:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 219.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | netdna.bootstrapcdn.com | udp |
| US | 104.18.10.207:445 | netdna.bootstrapcdn.com | tcp |
| US | 104.18.11.207:445 | netdna.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | netdna.bootstrapcdn.com | udp |
| US | 104.18.10.207:139 | netdna.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| NL | 52.111.243.29:443 | N/A | tcp |
| US | 8.8.8.8:53 | manascisaac.com | udp |
| US | 8.8.8.8:53 | manascisaac.com | udp |
| CA | 192.149.104.172:80 | manascisaac.com | tcp |
| CA | 192.149.104.172:80 | manascisaac.com | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| BE | 88.221.83.241:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 241.83.221.88.in-addr.arpa | udp |
| BE | 88.221.83.178:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 178.83.221.88.in-addr.arpa | udp |
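Both Network tables (the IE detonation and the Edge detonation above) mix three things: the sandbox resolver and reverse-DNS chatter, the browsers' own telemetry, and the connections the HTML file itself caused. The rows worth a second look are the cleartext HTTP to manascisaac.com, the SMB-port (445/139) connections to cloud.typography.com and netdna.bootstrapcdn.com, and the TLS connection to 52.111.243.29 with no preceding DNS answer. The script below is an added example, not part of the report: it runs that triage over rows copied from the two tables. The `BROWSER_NOISE_SUFFIXES` allowlist is an assumption to be tuned per sandbox, and the explanation given in the comment for SMB to an internet host (a protocol-relative `//host/path` URL resolved as a UNC path when the page is opened from `file://`) is an interpretation the report does not state.

```python
"""Triage sandbox Network rows: drop resolver noise, set aside browser
telemetry, flag cleartext HTTP, SMB to internet hosts, and bare-IP contacts.

Added example; the rows are copied from the two tables above (constructed
input, abbreviated to one row per distinct destination).
"""
from collections import defaultdict

# (country, destination, domain, proto); "" where the report has no domain.
ROWS = [
    ("US", "8.8.8.8:53", "ajax.googleapis.com", "udp"),
    ("GB", "142.250.178.10:443", "ajax.googleapis.com", "tcp"),
    ("GB", "216.58.213.14:80", "www.google-analytics.com", "tcp"),
    ("CA", "192.149.104.172:80", "manascisaac.com", "tcp"),
    ("US", "204.79.197.200:443", "ieonline.microsoft.com", "tcp"),
    ("IE", "94.245.104.56:443", "api.edgeoffer.microsoft.com", "tcp"),
    ("DE", "23.201.248.34:445", "cloud.typography.com", "tcp"),
    ("DE", "23.201.248.34:139", "cloud.typography.com", "tcp"),
    ("US", "2.20.12.87:443", "bzib.nelreports.net", "tcp"),
    ("US", "104.18.10.207:445", "netdna.bootstrapcdn.com", "tcp"),
    ("NL", "52.111.243.29:443", "", "tcp"),
    ("N/A", "224.0.0.251:5353", "", "udp"),
    ("US", "8.8.8.8:53", "14.213.58.216.in-addr.arpa", "udp"),
    ("BE", "88.221.83.194:443", "www.bing.com", "tcp"),
]

# Assumption: endpoints the sandbox browsers contact on their own
# (SmartScreen, NEL reporting, Edge/IE feature endpoints, Bing).
BROWSER_NOISE_SUFFIXES = ("microsoft.com", "bing.com", "nelreports.net",
                          "azureedge.net", "s-microsoft.com")
RESOLVER = "8.8.8.8"
SMB_PORTS = {139, 445}


def split_dest(dest):
    """'ip:port' -> (ip, port)."""
    host, _, port = dest.rpartition(":")
    return host, int(port)


def is_infra_noise(row):
    """Resolver queries, reverse lookups and multicast are not sample activity."""
    _, dest, domain, _ = row
    host, port = split_dest(dest)
    return ((host == RESOLVER and port == 53)
            or domain.endswith(".in-addr.arpa")
            or host.startswith("224."))


def is_browser_noise(domain):
    return any(domain == s or domain.endswith("." + s)
               for s in BROWSER_NOISE_SUFFIXES)


def triage(rows):
    """Map each contacted domain (or bare IP) to the set of labels it earned."""
    findings = defaultdict(set)
    for row in rows:
        if is_infra_noise(row):
            continue
        _, dest, domain, _ = row
        host, port = split_dest(dest)
        key = domain or host
        if not domain:
            findings[key].add("bare-ip")   # no DNS answer preceded it
        elif is_browser_noise(domain):
            findings[key].add("browser-telemetry")
            continue
        if port in SMB_PORTS:
            # Interpretation: a browser speaking SMB to an internet host is
            # typical of a protocol-relative //host/path reference in a page
            # opened from file://, which Windows resolves as a UNC path.
            findings[key].add("smb-to-internet")
        elif port == 80:
            findings[key].add("cleartext-http")
        else:
            findings[key].add("tls-or-other")
    return dict(findings)


def worth_a_look(findings):
    """Keys that carry anything beyond plain telemetry or an ordinary TLS contact."""
    return sorted(k for k, labels in findings.items()
                  if not labels <= {"browser-telemetry", "tls-or-other"})


if __name__ == "__main__":
    result = triage(ROWS)
    for key in worth_a_look(result):
        print(f"{key}: {', '.join(sorted(result[key]))}")
```

Run against the full tables, the output reduces a hundred-odd rows to the handful of destinations that the HTML file itself introduced, which is what should be checked against threat intelligence before accepting the "no malicious behavior" verdict.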